Unauthorised change to windows Error: 0xC004D401

  • Question

  • Hey there everyone, 
    I noticed a post with the same error code just below me, but then read a post stating, 'each user should post their own problems with a diagnostic log in a separate thread' so I'm posting it here.

    Just randomly, I've received an error stating "An unauthorised change was made to Windows"... On checking the information online to troubleshoot the problem, I have found that I am unable to carry any of it out as I cannot right-click on my computer and neither can I access the control panel.
    Diagnostic Report (1.9.0006.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
    Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
    Windows Product ID: 89578-OEM-7332157-00061
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6001.2.00010300.1.0.003
    ID: {E28DD826-29FA-4FAB-A2DD-8B585F0493C8}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.9.9.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6001.vistasp1_gdr.090302-1506
    TTS Error: M:20090420003058139-
    Validation Diagnostic: 
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Expression Web 2 - 121
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 7E90FEE8-198-80004005_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E28DD826-29FA-4FAB-A2DD-8B585F0493C8}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-3006200912-2357558042-2072432084</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.23</Version><SMBIOSVersion major="2" minor="4"/><Date>20081204000000.000000+000</Date></BIOS><HWID>12303507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0045-0000-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Expression Web 2</Name><Ver>12</Ver><Val>5C75A1FD862B576</Val><Hash>cYq9KbAcKmw7RHHUxwPI1Qn9sa8=</Hash><Pid>78727-699-6506803-59786</Pid><PidType>0</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>332ACF7F0CA1773</Val><Hash>sWOW+KtvcRAzSfkKv9/OZJCDmBM=</Hash><Pid>81599-953-5518556-65180</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

    Spsys.log Content:

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1634, 5) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: OAAAAAEAAgABAAIAAgACAAAAAwABAAEAeqjehuDayCd6f34OfDkkQy+C8vTWm0YFNveqY6xWRso=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-MPC
      FACP HP     VADER   
      HPET HPQOEM SLIC-MPC
      BOOT HPQOEM SLIC-MPC
      MCFG HPQOEM SLIC-MPC
      DMAR       
      SSDT PmRef CpuPm
      ASF! HPQOEM SLIC-MPC
      SLIC HPQOEM SLIC-MPC
      SSDT PmRef CpuPm


    ------------------------------

    The Windows installed on this machine (HP dv7-1050ea) has not been changed in any way, and I have kept the Vista Home Premium that came with this notebook.

    Any help / advice would be very much appreciated.

    Thank you.
    Monday, April 20, 2009 12:17 AM

All replies

  • Hi devil in red,

    0xC004D401 is a Windows registry error. Some system files have been altered, probably in security properties, so that Windows isn't properly able to interpret them. I would suggest a system recovery, using recovery manager or backup CDs that came with your system. You can probably get help from the manufacturer of your system.
    Diana , MSP, MSBP, .Net Developement and Visual Studio Forums Moderator, MSDN Sandbox Forums Moderator http://djartsinc.spaces.live.com Smile,,,Share Some Sunshine
    Monday, April 20, 2009 3:47 AM
  • Hey there Diana,
    Thank you for the information. I understand how to fix the problem but may I ask what causes it in the first place so that I can avoid it later on?

    Thank you
    • Marked as answer by humanhowever Tuesday, April 21, 2009 9:14 PM
    Monday, April 20, 2009 10:09 AM
  • Hi,

    It can be caused by several things. Sometimes software will alter permissions. Malware or spyware can alter system files. The same problem happened to me on one of my Vista PCs. My computer management tools quit working; they couldn't be displayed. So I tried to fix it, but was unsuccessful. Other errors occurred. Then one day, I signed onto my desktop and received the error, "Your copy of Windows is invalid." The PC was only 5 months old, and still under warranty. HP fixed the PC and sent me a new set of backup CDs. They said it wasn't my fault. The PC had a manufacturer defect when I purchased it. So, a number of things can cause it. Installing software that has a compatibility issue with your OS can also cause it.
    Diana , MSP, MSBP, .Net Developement and Visual Studio Forums Moderator, MSDN Sandbox Forums Moderator http://djartsinc.spaces.live.com Smile,,,Share Some Sunshine
    • Proposed as answer by djartsinc Tuesday, April 21, 2009 8:10 PM
    Monday, April 20, 2009 10:25 AM
  • Thank you!

    I've done a system recovery and it seems to have sorted out the problem.

    The hardest part now is putting everything back on, making it just like it was before.

    I very much appreciate your help and thank you.
    Tuesday, April 21, 2009 6:43 PM
  • Hello devil in red,

      The issue you were experiencing was not a Registry error. The error code 0xc004d401 means an In Memory Mod-Auth tamper is occurring. In other words, an incompatible program is attempting to hook or shim (i.e. modify) a protected Vista system file that is running in system memory (this can also be caused by malware doing the same sort of thing, on purpose, as an incompatible program does, by accident).

      Since you have already restored Vista, I just want to caution you to make sure each program you are reinstalling is, in fact, compatible with Vista.

      If this issue ever occurs again, and you have made sure all the programs are compatible, the next thing to look for is a malware infection.


    Thank you,
    Darin MS 
    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful. This will help us showcase the threads that best help our customers.
    Wednesday, April 22, 2009 8:28 PM
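
A triage helper for reports like the one in the question, added here as an example (it is not part of the original thread or a Microsoft tool): it splits the report on its `Name-->` section headers, collects the HRESULT values in each section, and lists the sections that carry the tamper code discussed above. The sample report is a constructed excerpt and the function names are hypothetical.

```python
import re

# Constructed excerpt, shaped like the diagnostic report in the question.
SAMPLE_REPORT = """\
WGA Data-->
Validation Status: Invalid License
Online Validation Code: 0xc004d401
Cached Validation Code: N/A, hr = 0xc004d401

WGA Notifications Data-->
File Exists: No
Version: N/A, hr = 0x80070002

Licensing Data-->
C:\\Windows\\system32\\slmgr.vbs(1634, 5) (null): 0xC004D401
"""

TAMPER = 0xC004D401     # in-memory Mod-Auth tamper, as explained in the thread
NOT_FOUND = 0x80070002  # Win32 ERROR_FILE_NOT_FOUND wrapped as an HRESULT

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    return {"failure": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF, "code": value & 0xFFFF}

def parse_report(text):
    """Return {section name: [non-empty lines]} using the 'Name-->' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("-->"):
            current = line[:-3].strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def hresults_by_section(text):
    """Map each section to the set of distinct 8-digit hex codes it mentions."""
    out = {}
    for name, lines in parse_report(text).items():
        codes = {int(m, 16) for l in lines for m in re.findall(r"0x[0-9a-fA-F]{8}\b", l)}
        if codes:
            out[name] = codes
    return out

def triage(text):
    """Sections reporting the tamper code: check software compatibility, then malware."""
    return sorted(n for n, c in hresults_by_section(text).items() if TAMPER in c)
```

Sections that only show `0x80070002` are reporting a missing file, not the tamper condition, so they do not appear in the `triage` result.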
  • Hey there Darin,
    Thank you for the advice, but I wanted to ask: if that is the case, how do I find out which programs are incompatible with Vista? I read the online help for the error that Microsoft provides and there are only a few listed programs...

    Thanks
    Wednesday, April 22, 2009 9:21 PM
  • Wednesday, April 22, 2009 10:21 PM
  • Hi devil in red,

      In addition to the list Diana provided, you can also go to the program's web site. It should state that the software is specifically compatible with Vista. And while you are there, you can also ensure you have the most current version and/or patches for that software.

      In all honesty, Vista has been out long enough that if you are running up to date software, you shouldn't have a problem. Nowadays, the big "incompatible program" you really need to worry about is Malware.

    Hope that helps,
    Darin MS 
    Thursday, April 23, 2009 12:50 AM
  • Thanks a lot. Much appreciated.
    Sunday, April 26, 2009 9:40 AM